If the Elasticsearch security features are enabled, you must have monitor_ml,
monitor, manage_ml, or manage cluster privileges to use this API. You also
need read index privilege on the index that stores the results. The
machine_learning_admin and machine_learning_user roles provide these
privileges. See Security privileges and
Built-in roles.

You can summarize the bucket results for all anomaly detection jobs by using _all or
by specifying * as the <job_id>.

By default, an overall bucket has a span equal to the largest bucket span of the
specified anomaly detection jobs. To override that behavior, use the optional
bucket_span parameter. To learn more about the concept of buckets, see
Buckets.

The overall_score is calculated by combining the scores of all the buckets
within the overall bucket span. First, the maximum anomaly_score per
anomaly detection job in the overall bucket is calculated. Then the top_n of those
scores are averaged to result in the overall_score. This means that you can
fine-tune the overall_score so that it is more or less sensitive to the number
of jobs that detect an anomaly at the same time. For example, if you set top_n
to 1, the overall_score is the maximum bucket score in the overall bucket.
Alternatively, if you set top_n to the number of jobs, the overall_score is
high only when all jobs detect anomalies in that overall bucket. If you set
the bucket_span parameter (to a value greater than its default), the
overall_score is the maximum overall_score of the overall buckets that have
a span equal to the jobs' largest bucket span.

(Optional, boolean) If true, the output excludes interim overall buckets.
Overall buckets are interim if any of the job buckets within the overall
bucket interval are interim. By default, interim results are included.